🇷🇺
Void Rabisu
APT Group
Financial gain
Information theft and espionage
23 zero-day CVEs
ETDA ✓
Also Known As (1 name)
Tropical Scorpius
Target Countries 5
Canada
Cameroon
Japan
Ukraine
United States
Sectors Targeted
Financial
Motion Picture and Video Production (51211)
Manufacturing
Shipping and Logistics
Healthcare
Government
High-Tech
Education
Transportation
Computer Systems Design and Related Services (54151)
Computer Systems Design Services (541512)
Construction
Independent Artists, Writers, and Performers (7115)
Energy
Details
Origin
🇷🇺 RU
Last Updated
21 Oct 2023
MITRE ATT&CK 73
T1003 - OS Credential Dumping
T1005 - Data from Local System
T1012 - Query Registry
T1016 - System Network Configuration Discovery
T1021.001 - Remote Desktop Protocol
T1021.002 - SMB/Windows Admin Shares
T1027 - Obfuscated Files or Information
T1027.002 - Software Packing
T1033 - System Owner/User Discovery
T1036 - Masquerading
T1047 - Windows Management Instrumentation
T1053 - Scheduled Task/Job
T1053.005 - Scheduled Task
T1055 - Process Injection
T1056 - Input Capture
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.003 - Windows Command Shell
T1059.007 - JavaScript
T1068 - Exploitation for Privilege Escalation
T1069 - Permission Groups Discovery
T1070 - Indicator Removal on Host
T1070.001 - Clear Windows Event Logs
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1074 - Data Staged
T1078 - Valid Accounts
T1080 - Taint Shared Content
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1102 - Web Service
T1102.001 - Dead Drop Resolver
T1102.002 - Bidirectional Communication
T1105 - Ingress Tool Transfer
T1105.001
T1106 - Native API
T1112 - Modify Registry
T1113 - Screen Capture
T1132.001 - Standard Encoding
T1135 - Network Share Discovery
T1140 - Deobfuscate/Decode Files or Information
T1189 - Drive-by Compromise
T1190 - Exploit Public-Facing Application
T1203 - Exploitation for Client Execution
T1204 - User Execution
T1204.002 - Malicious File
T1210 - Exploitation of Remote Services
T1218.011 - Rundll32
T1482 - Domain Trust Discovery
T1486 - Data Encrypted for Impact
T1490 - Inhibit System Recovery
T1497 - Virtualization/Sandbox Evasion
T1518 - Software Discovery
T1543.003 - Windows Service
T1547 - Boot or Logon Autostart Execution
T1547.001 - Registry Run Keys / Startup Folder
T1553 - Subvert Trust Controls
T1560 - Archive Collected Data
T1562.001 - Disable or Modify Tools
T1564.004 - NTFS File Attributes
T1566 - Phishing
T1569 - System Services
T1572 - Protocol Tunneling
T1574 - Hijack Execution Flow
T1574.001 - DLL Search Order Hijacking
T1583.001 - Domains
T1587.001 - Malware
T1588.001 - Malware
T1588.002 - Tool
T1588.005 - Exploits
T1588.006 - Vulnerabilities
T1614 - System Location Discovery
Related Zero-Days 23
CVE-2013-3893
CVE-2023-36884
CVE-2023-46805
CVE-2024-21338
CVE-2024-21887
CVE-2024-29745
CVE-2024-29748
CVE-2024-32896
CVE-2024-3400
CVE-2024-38178
CVE-2024-44308
CVE-2024-44309
CVE-2024-49039
CVE-2024-53104
CVE-2024-8068
CVE-2024-9680
CVE-2025-25256
CVE-2025-43300
CVE-2025-54948
CVE-2025-6218
CVE-2025-7775
CVE-2025-8088
CVE-2025-8424